Hello,
My idea to use X2GO in corp environment on linux & windoze, and I have complain about possible miss-configuration or "accidental settings" of client setting by users. There is any existing solution to lock client settings (all settings) by users? For example make connection, configuration setting to set ready only/dimmed-grayed out exempt someone who have admin rights?
any advise, suggestion welcome
thanks George Urbanovits
I think something like that is possible using the x2go broker.
Uli
Urbanovits György <gyorgy.urbanovits@hotmail.com> schrieb am Fr., 1. März 2024, 14:45:
Hello,
My idea to use X2GO in corp environment on linux & windoze, and I have complain about possible miss-configuration or "accidental settings" of client setting by users. There is any existing solution to lock client settings (all settings) by users? For example make connection, configuration setting to set ready only/dimmed-grayed out exempt someone who have admin rights?
any advise, suggestion welcome
thanks George Urbanovits
x2go-user mailing list x2go-user@lists.x2go.org https://lists.x2go.org/listinfo/x2go-user
Am 29.04.24 um 08:02 schrieb Ulrich Sibiller:
I think something like that is possible using the x2go broker.
No. Not in the sense that it can be locked down completely against a "hostile" user. There are ways to provide sane defaults, though. (See my reply to the original post for a lengthy answer.)
Kind Regards, Stefan Baur
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
Am 01.03.24 um 14:45 schrieb Urbanovits György:
Hello,
My idea to use X2GO in corp environment on linux & windoze, and I have complain about possible miss-configuration or "accidental settings" of client setting by users. There is any existing solution to lock client settings (all settings) by users? For example make connection, configuration setting to set ready only/dimmed-grayed out exempt someone who have admin rights?
any advise, suggestion welcome
To avoid accidental changes, you can use --no-menu and --no-session-edit, as explained in "man x2goclient", and store the sessions file on a read-only network share. --session-conf=/path/to/sessions-file is the parameter for that, also explained in the manpage.
Or you can use a session broker setup.
However, there is no way of stopping a user that deliberately wants to mess with the configuration. They will always find a way to run x2goclient without any parameters/with their custom parameters, bypassing your restrictions.
I guess the only way around it might (i.e., still no guarantee) be the HTML5Client in a rather elaborate setup, where users do not have direct access to the X2GoServer via IP, only to the HTML5Client. But, the HTML5Client is neither release-ready nor feature-complete yet ...
Kind Regards, Stefan Baur
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
Thanks a lot Stefan that is good way for first step
All my best George
My idea to use X2GO in corp environment on linux & windoze, and I have complain about possible miss-configuration or "accidental settings" of client setting by users. There is any existing solution to lock client settings (all settings) by users? For example make connection, configuration setting to set ready only/dimmed-grayed out exempt someone who have admin rights?
any advise, suggestion welcome
To avoid accidental changes, you can use --no-menu and --no-session-edit, as explained in "man x2goclient", and store the sessions file on a read-only network share. --session-conf=/path/to/sessions-file is the parameter for that, also explained in the manpage.
Or you can use a session broker setup.
However, there is no way of stopping a user that deliberately wants to mess with the configuration. They will always find a way to run x2goclient without any parameters/with their custom parameters, bypassing your restrictions.
I guess the only way around it might (i.e., still no guarantee) be the HTML5Client in a rather elaborate setup, where users do not have direct access to the X2GoServer via IP, only to the HTML5Client. But, the HTML5Client is neither release-ready nor feature-complete yet ...
Kind Regards, Stefan Baur
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
x2go-user mailing list x2go-user@lists.x2go.org<mailto:x2go-user@lists.x2go.org> https://lists.x2go.org/listinfo/x2go-user